fix slow code, add bounds checks (#1606)

Tested that players with valid names up to the usual 33 character max are still added to the player container
Tested that you can still team with <= 4 players on a team
Tested that the chat server no longer crashes with a bad membersSize variable
Asserted that InsertPlayer is indeed much faster now and is no longer a slow point of ChatServer
David Markowitz 2024-10-26 20:09:32 -07:00 committed by GitHub
parent 8d54db7851
commit 33a8efdd22
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -36,16 +36,19 @@ void PlayerContainer::InsertPlayer(Packet* packet) {
data.playerID = playerId; data.playerID = playerId;
uint32_t len; uint32_t len;
inStream.Read<uint32_t>(len); if (!inStream.Read<uint32_t>(len)) return;
for (int i = 0; i < len; i++) { if (len > 33) {
char character; inStream.Read<char>(character); LOG("Received a really long player name, probably a fake packet %i.", len);
data.playerName += character; return;
} }
inStream.Read(data.zoneID); data.playerName.resize(len);
inStream.Read(data.muteExpire); inStream.ReadAlignedBytes(reinterpret_cast<unsigned char*>(data.playerName.data()), len);
inStream.Read(data.gmLevel);
if (!inStream.Read(data.zoneID)) return;
if (!inStream.Read(data.muteExpire)) return;
if (!inStream.Read(data.gmLevel)) return;
data.sysAddr = packet->systemAddress; data.sysAddr = packet->systemAddress;
m_Names[data.playerID] = GeneralUtils::UTF8ToUTF16(data.playerName); m_Names[data.playerID] = GeneralUtils::UTF8ToUTF16(data.playerName);
@ -122,6 +125,11 @@ void PlayerContainer::CreateTeamServer(Packet* packet) {
size_t membersSize = 0; size_t membersSize = 0;
inStream.Read(membersSize); inStream.Read(membersSize);
if (membersSize >= 4) {
LOG("Tried to create a team with more than 4 players");
return;
}
std::vector<LWOOBJID> members; std::vector<LWOOBJID> members;
members.reserve(membersSize); members.reserve(membersSize);
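Review bot: In InsertPlayer the result of `inStream.ReadAlignedBytes(...)` is ignored although every other read in that hunk now returns on failure, so a packet that declares `len` bytes but carries fewer would leave `data.playerName` resized to `len` without being filled from the packet, and parsing goes on to the following fields. Check it like the other reads: `if (!inStream.ReadAlignedBytes(reinterpret_cast<unsigned char*>(data.playerName.data()), len)) return;`. The same applies to `inStream.Read(membersSize)` in the CreateTeamServer hunk, whose value feeds the new bounds check and `reserve` without the read result being tested. In that hunk the guard is `membersSize >= 4` while the log text says "more than 4 players", so either the comparison or the message looks off by one; it is worth confirming whether `membersSize` counts the leader. Both function bodies start and end outside the visible hunks, and the early returns appear to run after `data.playerID` has been assigned, so a rejected packet may leave a partially filled entry behind.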